Grab is in the limelight again for security issues except, this time, real money was lost.
On 16 Nov 2020, Grab responded to several police reports that were lodged alleging unauthorised transactions via the Grab e-wallet.
It urged Grab customers to be more vigilant when shopping online, and to ensure that their personal account and Grab-generated OTPs are not shared with others.
What Happened
In Oct 2020, police reports were lodged by users who discovered unauthorised transactions made via their Grab e-wallet.
According to security experts, the way the transactions were made is similar to everyday use, which makes it hard for a company that processes millions of transactions a day to detect.
At least five such police reports were lodged, and it was reported that the cases involve Grab-generated OTPs that are sent to users to verify purchases.
Unauthorised Top Ups
Now, I know what you’re thinking.
What if I have less than a dollar in my GrabPay account? Problem solved, right?
Turns out, the users had unauthorised top-ups made to their GrabPay account with the credit card that’s linked to their Grab app.
Then, the e-wallet is used to make unauthorised transactions to Qoo10 or Razer Gold, Razer’s virtual gaming credit.
The amounts of these unauthorised transactions range between S$100 and S$260.
Correct OTP Given
The Straits Times further reported that two of the victims had reached out to Grab to ask for a refund on the unauthorised transactions.
However, Grab says it’s unable to do so because the correct OTP was given during the purchase.
But wait: how can!?
A security expert speculated that the OTPs could’ve been stolen via malware installed on the phones.
Pointing out “fun apps like camera apps or those that can swap faces”, he said that the apps could’ve asked for the content of the GrabPay users’ messages, including OTPs.
These codes could then have been sent to the fraudsters.
Other ways they could do so are to impersonate a Grab staff member to get the password or to pose as the victim to ask for a replacement SIM.
Still A Safe Platform
A spokesperson for Grab said that they are aware of the incident and are working closely with authorities.
However, he assured, Grab is still a safe platform.
It was added that Grab has implemented artificial intelligence (AI) to detect and learn from fraudulent transactions that happened on their platform.
Security experts, however, are leery and believe that more should be done.
AI and machine learning defence technologies, Mr Justin Lie, chief executive of cyber-security firm Shield said, are not designed to spot “sporadic and opportunistic fraud”.
“They may look at a user’s average spend or physical location, but as long as these are relatively normal, fraud will go undetected.”
Companies, he pointed out, will have to go deeper and check whether there are any GPS spoofers or app cloners on the user device itself.
Another expert, Mr Phil Pomford from FIS, said that a combination of “intelligent software, data engines and teams of experts” is needed to more precisely detect such abnormal transactions.
For tips on how to avoid and detect malware on your phone, these articles by CNET and Wandera might be a good read.
This incident comes two months after Grab was fined $10,000 for exposing over 21,000 users’ data.
Featured Image: Yaoinlove / Shutterstock.com